Privacy Policy

Effective Date: March 1, 2026 · Last Updated: February 28, 2026

1. Who We Are

Praxiom Health (“we,” “us,” “our”) is a wellness technology company that develops the Praxiom Health mobile application. Our headquarters are in Santa Rosa Beach, Florida, USA, with EU operations in Munich, Germany.

For privacy inquiries, contact us at privacy@praxiom.health.

2. What Data the App Processes

2.1 Health Data You Enter

You may enter biomarker values (such as hs-CRP, HbA1c, MMP-8, salivary pH, and others), fitness assessment scores, your date of birth, and wearable device data (heart rate, HRV, steps). This data is used solely to calculate your biological age and provide wellness insights.

2.2 Data From Wearable Devices

If you choose to connect a wearable device (Apple Watch via HealthKit, Oura Ring, Garmin, Ultrahuman, or Whoop), the app retrieves health metrics such as heart rate variability, heart rate, step count, and sleep data through those platforms’ APIs. This data is stored locally on your device alongside your other health data.

2.3 Data We Do Not Collect

3. Where Your Data Is Stored

All health data is stored exclusively on your device using the following protections:

• AES-256 encryption for all health-related data at rest
• iOS Keychain / Android Keystore for encryption keys and authentication credentials
• PBKDF2 key derivation with 100,000 iterations for master key generation
• PIN and/or biometric authentication required to access the app

No health data is transmitted to our servers or any third-party servers. There is no cloud backup, no server-side storage, and no remote database containing your information.

4. How Your Data Is Used

Your data is used exclusively for the following on-device purposes:

• Calculating your biological age using the Praxiom algorithm
• Displaying wellness scores and trends over time
• Providing educational wellness insights based on published scientific research
• Generating PDF reports that you may choose to share with a healthcare provider
• Scanning lab reports using on-device optical character recognition (OCR) — images are processed locally and are not stored or transmitted

5. Third-Party Services

The app integrates with the following third-party services only when you explicitly initiate the connection:

• Apple HealthKit: Read-only access to health metrics you authorize. Governed by Apple’s privacy policy.
• Oura Ring API: Retrieves sleep, readiness, and HRV data via OAuth. Governed by Oura’s privacy policy.
• Garmin Connect: Retrieves activity and HRV data via OAuth. Governed by Garmin’s privacy policy.
• Ultrahuman / Whoop APIs: Retrieves recovery and HRV data via OAuth. Governed by their respective privacy policies.

We do not share your data with these services. Data flows one way: from them to your device.

6. Data Sharing

The only ways your data leaves your device are actions you explicitly initiate:

• Exporting your data as a JSON file using the in-app export function
• Sharing a PDF report via your device’s share sheet (e.g., email, AirDrop)

7. Data Retention and Deletion

Since all data resides on your device, you have full control:

• Delete all data: Use “Reset All Data” in the app’s Settings screen. This permanently erases all health data, biomarker history, and calculations.
• Uninstall the app: Removing the app from your device deletes all associated data from local storage.
• Export before deletion: You may export your data before deleting it.

Because we do not store your data on our servers, there is no server-side data to request deletion of.

8. Children’s Privacy

Praxiom Health is intended for adults aged 18 and older. We do not knowingly process data from anyone under 18. The app includes an age confirmation step during onboarding. If you believe someone under 18 has used the app, the data exists only on that individual’s device and can be deleted by uninstalling the app.

9. Your Rights

9.1 For All Users

You have the right to access, export, and delete all of your data at any time through the app’s built-in tools. No request to us is necessary because the data is on your device.

9.2 Additional Rights for EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have additional rights including data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Because all processing occurs on your device and we do not collect personal data, most GDPR data subject requests are satisfied by the app’s built-in export and deletion features. For questions, contact privacy@praxiom.health.

9.3 Additional Rights for California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information is collected and to request its deletion. We do not collect personal information as defined by the CCPA, do not sell personal information, and do not share personal information for cross-context behavioral advertising.

10. Security

Our security practices are aligned with HIPAA technical safeguard standards, including AES-256 encryption, access controls via PIN/biometric authentication, and secure key management using platform-native hardware-backed keystores. While no system can guarantee absolute security, our on-device-only architecture eliminates the most common attack vector: server-side data breaches.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes that affect how your data is processed, we will notify you through the app before the changes take effect.

12. Contact Us